HVACKer: Bridging the Air-Gap by Manipulating the Environment Temperature

Yisroel Mirsky and Mordechai Guri and Yuval Elovici

published in Magdeburger Journal zur Sicherheitsforschung (2017, #14, p. 815-829)

Info

Modern corporations physically separate their sensitive computational infrastructure from public or other accessible networks in order to prevent cyber-attacks. However, attackers still manage to infect these networks, either by means of an insider or by infiltrating the supply chain. Therefore, an attacker’s main challenge is to determine a way to command and control the compromised hosts that are isolated from an accessible network (e.g., the Internet). In this paper, we propose a new adversarial model that shows how an air-gapped network can receive communications over a covert thermal channel. Concretely, we show how attackers may use a compromised air-conditioning system (connected to the internet) to send commands to infected hosts within an air-gapped network. Since thermal communication protocols are a rather unexplored domain, we propose a novel line encoding and protocol suitable for this type of channel. Moreover, we provide experimental results to demonstrate the covert channel’s feasibility, and to calculate the channel’s bandwidth. Lastly, we offer a forensic analysis and propose various ways this channel can be detected and prevented. We believe that this study details a previously unseen vector of attack that security experts should be aware of. This article appears in the special edition „In Depth Security – Proceedings of the DeepSec Conferences Vol. 2“. Edited by Stefan Schumacher and René Pfeiffer.

BibTeX entry for mjs:Mirsky:Hvac

@article{mjs:Mirsky:Hvac,
  author = {Yisroel Mirsky and Mordechai Guri and Yuval Elovici},
  title = {HVACKer},
  subtitle = {Bridging the Air-Gap by Manipulating the Environment Temperature},
  year = {2017},
  pages = {815-829},
  journaltitle = {Magdeburger Journal zur Sicherheitsforschung},
  issn = {2192-4260},
  url = {https://d-nb.info/1150679972/34},
  codeberg = {https://codeberg.org/0xKaishakunin/Publikationen/src/branch/main/MagdeburgerJournalSicherheitsforschung/MJS_055_Mirsky_AirgapTemperature.pdf},
  language = {DE},
  issue = {2},
  volume = {14},
  urldate = {2017-08-18},
  keywords = {mjsarticle,ds17,air gap, hvac, physical separation},
  abstract = {Modern corporations physically separate their sensitive computational infrastructure from public or other accessible networks in order to prevent cyber-attacks. However, attackers still manage to infect these networks, either by means of an insider or by infiltrating the supply chain. Therefore, an attacker’s main challenge is to determine a way to command and control the compromised hosts that are isolated from an accessible network (e.g., the Internet). In this paper, we propose a new adversarial model that shows how an air gapped network can receive communications over a covert thermal channel. Concretely, we show how attackers may use a compromised air-conditioning system (connected to the internet) to send commands to infected hosts within an air-gapped network. Since thermal communication protocols are a rather unexplored domain, we propose a novel lineencoding and protocol suitable for this type of channel. Moreover, we provide experimental results to demonstrate the covert channel’s feasibility, and to calculate the channel’s bandwidth. Lastly, we offer a forensic analysis and propose various ways this channel can be detected and prevented. We believe that this study details a previously unseen vector of attack that security experts should be aware of. This article appears in the special edition „In Depth Security – Proceedings of the DeepSec Conferences Vol. 2“. Edited by Stefan Schumacher and René Pfeiffer},
}

AsciiDoc citation commands

1. citenp:[mjs:Mirsky:Hvac]
2. cite:[mjs:Mirsky:Hvac]
3. bibitem[mjs:Mirsky:Hvac]

LaTeX citation commands

1. \textcite{mjs:Mirsky:Hvac}
2. \parencite{mjs:Mirsky:Hvac}
3. \cite{mjs:Mirsky:Hvac}

generated at Mon May 12 10:48:34 2025